Each type of website generally has a large volume of website users. Out of these website users, some website users, after logging into a website, use that website as a platform to conduct certain fraudulent activities with other website users. For example, some sellers, such as website users of Taobao Marketplace, may post fake product information on Taobao Marketplace and steal money from buyers by not sending products after a payment is received. With respect to a website system, these website users who conduct fraudulent activities belong to dangerous website users.
In order to prevent and control fraudulent activities of dangerous website users, it is necessary to accurately identify who dangerous website users are from an enormous volume of website users. Generally, a website user logs into a website through an account, and accounts bound with different website users are different. Therefore, a website user can be directly identified using his/her account. Furthermore, by determining whether a certain account has been involved in a fraudulent event, a determination is made as to whether a website user that is bound to that account is a dangerous website user. For those website users who are determined to be dangerous, the website can further adopt a prevention and control measure, such as closely monitoring corresponding accounts or closing the corresponding accounts if needed. However, these dangerous website users usually register multiple accounts on a same website by various means, and can use other active accounts to continuously conduct fraudulent activities after one account is closed.
When a website user logs into a website through an account, a server usually records basic information that indicates user identity of the user, for example, IP address, Agent, cookie, user ID (such as an email or a mobile phone number of the user) or a MAC (Medium/Media Access Control) address, etc. Even though a website user may register multiple accounts on a same website, these accounts may very likely be associated with a same user identity. For example, all accounts are associated with a same IP address when a website user utilizes a same computer to register the accounts on a same website. When multiple accounts are associated with a same user identity, an account group that is constructed from these accounts may likely be bound to a same website user. Therefore, an account group associated with a same user identity may also be used for identifying a website user in addition to an account. Moreover, by determining whether a certain account has been involved in a fraudulent event, a determination may be made as to whether a website user that is bound to that account is a dangerous website user. For example, a server may enlist all user identities associated with an account in a blacklist. Any website user who is bound to an account associated with a user identity in the blacklist is a dangerous website user.
However, existing technologies have at least the following problems: although identifying a website user using an account group associated with a same user identity has a broader scope of identification and a higher accuracy rate as compared to using an account, a dangerous website user is more cautious and all accounts used thereby may not share a same user identity. For example, when a website user uses different computers to register a plurality of accounts, these accounts will be associated with different IP addresses. Therefore, a process of using user identity associated with an account that has been found to be involved in fraudulent activities still fails to comprehensively identify a dangerous website user, with an accuracy thereof being limited to a certain extent. In addition, when determining an account group using the above association relationship, all accounts and user identities need to be searched in order to find an account group associated with a same user identity. As the number of the accounts and user identities are tremendous, the workload of the server in performing the above searches is very heavy, resulting in very low processing speed of the server.